The Government Accountability Office has identified four challenges that federal agencies should address as they move to the cloud and these are ensuring cybersecurity, procuring cloud services, tracking savings and costs and maintaining a skilled workforce.
When it comes to cloud acquisition, GAO found that some of the agencies did not always integrate key practices for service level agreements into their contracts for cloud services, such as specifying how networks and data will be managed and responsibilities for notifying the agency in the event of a security breach, according to a report published Wednesday.
GAO recommended that agencies create guidance that includes key practices for such agreements.
The congressional watchdog said most of the agencies continue to utilize cloud services that were not certified under the Federal Risk and Authorization Management Program.
According to the report, four of the major agencies GAO picked for a detailed assessment do not always include in their cloud security plans the required information and incorporate summaries of security control test results in security review reports.
GAO called on the Office of Management and Budget to hold federal agencies accountable for cloud service authorization via FedRAMP.